First of all you need to verify the security question and answer from user and pass the question,answer to the following stored procedure. It will update random password and returns password, which you can sends to customer in email.
CREATE PROCEDURE [dbo].[prc_UpdatePassword]
(
@secretquestion varchar(100)='',
@secretanswer varchar(100)='',
@ReturnVal varchar(10) out
)
as
begin
if exists (select * from tbl_MUSR where secretquestion=@secretquestion and secretanswer=@secretanswer)
Begin
--Generate Random Password
Declare @Length int
DECLARE @strPassword varchar(32)
DECLARE @counter smallint
DECLARE @RandomNumber float
DECLARE @RandomNumberInt tinyint
DECLARE @CurrentCharacter varchar(1)
DECLARE @ValidCharacters varchar(255)
SET @ValidCharacters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-=+&$'
DECLARE @ValidCharactersLength int
declare @iLicence int
declare @iInsured varchar(10)
SET @ValidCharactersLength = len(@ValidCharacters)
SET @CurrentCharacter = ''
SET @RandomNumber = 0
SET @RandomNumberInt = 0
SET @strPassword = ''
SET NOCOUNT ON
SET @counter = 1
set @Length=8
WHILE @counter < (@Length + 1)
BEGIN
SET @RandomNumber = Rand()
SET @RandomNumberInt = Convert(tinyint, ((@ValidCharactersLength - 1) * @RandomNumber + 1))
SELECT @CurrentCharacter = SUBSTRING(@ValidCharacters, @RandomNumberInt, 1)
SET @counter = @counter + 1
SET @strPassword = @strPassword + @CurrentCharacter
END
update tbl_MUSR set Password=@strPassword where secretquestion=@secretquestion and secretanswer=@secretanswer
set @ReturnVal=@strPassword
end
else
set @ReturnVal='Not Found'
end